Posted 03 February 2010 - 02:37 PM
I was recently called to help a friend with a spyware attack. The visible threat was a version of the Internet Security Suite 2010.
Safe Mode was disabled, Task Manager was disabled, the installed AV/Firewall/Spyware product was "running" but had obviously been compromised (Trend Micro Internet Security Suite).
MBAM was having trouble getting installed, even after re-naming the file (I see now that your site has added an "mbam.exe" download). I had previously found a link to your ComboFix app, and had downloaded it (I see now that you guys have added a lot of warnings about using it). I ran ComboFix and it worked superbly (Thanks!). And I will be getting MBAM running on it to double-check the cleaning process, as ComboFix reported rootkit issues.
Upon returning to your site I now see all the warnings about using ComboFix. I'll certainly be a lot more circumspect about using it in the future. But after all that I have a few questions.
1. What issues are you seeing as a result of ComboFix being run on Windows XP systems?
2. Is Vista more temperamental than XP for a ComboFix attempt?
3. If the threat worked around the installed Trend Micro Internet Security Suite in the first place, is that software any good now, post-infection? Or does it have to be replaced/re-installed to have any chance of being effective again?
4. Are you seeing any problems with AVG 9.0 / ZoneAlarm/ Ad-Aware/ MBAM (free)?
5. Do you recommend doubling/tripling-up anti-spyware installs? I'm leaning towards Ad-Aware/Spybot as they are familiar. But if you're seeing them fail regularly, then I can sure investigate other packages.
6. I see you recommend SuperAntiSpyware a lot; is there an AV/Firewall package it works well/preferably with?
7. Are there packages you recommend against?
8. Do you feel a delete-all-partitions and completely re-install Windows approach fully removes rootkit infections? Is it possible for a rootkit to make it through that process?
I'll continue to read through the various forums and guides on your site; I just thought I'd see if there was a consensus about preferred tools.